CVE-2016-5011 : The parse_dos_extended function in partitions/dos.c in the libblkid library in u

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Published 2017-04-11 15:59:00

Updated 2020-09-11 15:22:28

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-5011

IBM » Power Hardware Management Console » Version: 8.8.6.0
cpe:2.3:a:ibm:power_hardware_management_console:8.8.6.0:*:*:*:*:*:*:*
Matching versions
IBM » Powerkvm » Version: 3.1
cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
Matching versions
IBM » Powerkvm » Version: 2.1
cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Kernel » Util-linux
Versions up to, including, (<=) 2.28
cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-5011

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 15 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5011

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.9	3.6	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2016-5011

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543

IBM Security Bulletin: A vulnerability in util-linux affects PowerKVM (CVE-2016-5011)
Third Party Advisory
http://www.securitytracker.com/id/1036272

Util-linux MBR Partition Parsing Bug Lets Physically Local Users Cause Denial of Service Conditions on the Target System - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/91683

util-linux CVE-2016-5011 Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2605.html

RHSA-2016:2605 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801

IBM Security Bulletin: Vulnerabilities in util-linux affect Power Hardware Management Console (‪CVE-2016-5011‬‬)
Third Party Advisory
https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3

util-linux/util-linux.git - The util-linux code repository.
Patch;Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/07/11/2

oss-security - CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS
Mailing List;Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2016-5011

Products affected by CVE-2016-5011

Exploit prediction scoring system (EPSS) score for CVE-2016-5011

CVSS scores for CVE-2016-5011

References for CVE-2016-5011